
securitytxt-middleware

bdryanovski | 5 | MIT | 1.0.0

Express middleware to provide interface for Security Vulnerability Disclosure

express, security, connect, middleware

readme

SecurityTxt

Express middleware that serves a security.txt file for security vulnerability disclosure.

The middleware is based on [draft-foudil-securitytxt-09](https://tools.ietf.org/html/draft-foudil-securitytxt-09).

Install

npm install securitytxt-middleware --save

Usage

const express = require('express');
const securityTxtMiddleware = require('securitytxt-middleware')
const app = express();
const port = 3000;

const securityTxtConfig = {
  Contact: 'mailto:security@website.com',
  Encryption: 'https://website.com/sign.pgp',
  Acknowledgments: 'https://website.com/thank-you.html',
  'Preferred-Languages': 'en',
  Policy: 'https://website.com/policy.html',
}

const securityTxtPath = './security.txt';

// object with key:value
app.use('/.well-known/security.txt', securityTxtMiddleware(securityTxtConfig))

// path to file to read and send
app.use('/.well-known/security_file.txt', securityTxtMiddleware(securityTxtPath))

app.get('/', (req, res) => res.send('Hello World!'));

app.listen(port, () => console.log(`Example app listening at http://localhost:${port}`));

The middleware accepts two types of argument:

  • Object: key/value pairs of security.txt fields
  • Path to file: a file to read and send
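
What serving the object form safely involves, as an added example that is not the package's own code: the names `KNOWN_FIELDS`, `renderSecurityTxt` and `securityTxtHandler` are hypothetical, the field list is the one defined in draft-foudil-securitytxt-09, and the https-only check follows the security.txt specification's rule for web URIs. It rejects a misspelled field name, a missing Contact, and values containing line breaks before anything is published.

```javascript
// Added example, not the package's source. Field names per draft-foudil-securitytxt-09.
const KNOWN_FIELDS = ['Contact', 'Encryption', 'Acknowledgments',
  'Preferred-Languages', 'Canonical', 'Policy', 'Hiring'];

// Render a config object into security.txt text, refusing input that would
// publish a broken or misleading file.
function renderSecurityTxt(config) {
  const contacts = [].concat((config && config.Contact) || []);
  if (contacts.length === 0) {
    throw new Error('security.txt requires at least one Contact field');
  }
  const lines = [];
  for (const [name, raw] of Object.entries(config)) {
    if (!KNOWN_FIELDS.includes(name)) {
      // Catches misspelled keys that would otherwise be served verbatim.
      throw new Error(`Unknown security.txt field: ${name}`);
    }
    // A field may repeat (e.g. several Contact lines), so accept arrays too.
    for (const value of Array.isArray(raw) ? raw : [raw]) {
      // A CR or LF inside a value would let one value inject extra fields.
      if (typeof value !== 'string' || /[\r\n]/.test(value) || value.trim() === '') {
        throw new Error(`Invalid value for ${name}`);
      }
      if (/^http:\/\//i.test(value)) {
        throw new Error(`${name} must use https://, got ${value}`);
      }
      lines.push(`${name}: ${value.trim()}`);
    }
  }
  return lines.join('\n') + '\n';
}

// Hypothetical handler factory with the (req, res) shape Express expects.
// Validation runs once at startup, so a bad config fails before serving.
function securityTxtHandler(config) {
  const body = renderSecurityTxt(config);
  return (req, res) => {
    res.setHeader('Content-Type', 'text/plain; charset=utf-8');
    res.end(body);
  };
}
```

Mounted as `app.get('/.well-known/security.txt', securityTxtHandler(config))`, the handler serves the validated text with the plain-text content type.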